Re: Experiments with Postgres and SSL
Heikki Linnakangas <hlinnaka@iki.fi>
From: Heikki Linnakangas <hlinnaka@iki.fi>
To: Jacob Champion <jacob.champion@enterprisedb.com>
Cc: Matthias van de Meent <boekewurm+postgres@gmail.com>,
PostgreSQL-development <pgsql-hackers@postgresql.org>,
Greg Stark <stark@mit.edu>, Andrey Borodin <amborodin86@gmail.com>,
Jacob Champion <jchampion@timescale.com>,
Vladimir Sitnikov <sitnikov.vladimir@gmail.com>,
Michael Paquier <michael@paquier.xyz>
Date: 2024-03-05T14:08:54Z
Lists: pgsql-hackers
Attachments
- v8-0001-Move-Kerberos-module.patch (text/x-patch) patch v8-0001
- v8-0002-Add-tests-for-libpq-choosing-encryption-mode.patch (text/x-patch) patch v8-0002
- v8-0003-Direct-SSL-connections-client-and-server-support.patch (text/x-patch) patch v8-0003
- v8-0004-Direct-SSL-connections-ALPN-support.patch (text/x-patch) patch v8-0004
- v8-0005-Add-tests-for-sslnegotiation.patch (text/x-patch) patch v8-0005
- v8-0006-WIP-refactor-state-machine-in-libpq.patch (text/x-patch) patch v8-0006
I hope I didn't joggle your elbow reviewing this, Jacob, but I spent some time rebase and fix various little things: - Incorporated Matthias's test changes - Squashed the client, server and documentation patches. Not much point in keeping them separate, as one requires the other, and if you're only interested e.g. in the server parts, just look at src/backend. - Squashed some of my refactorings with the main patches, because I'm certain enough that they're desirable. I kept the last libpq state machine refactoring separate though. I'm pretty sure we need a refactoring like that, but I'm not 100% sure about the details. - Added some comments to the new state machine logic in fe-connect.c. - Removed the XXX comments about TLS alerts. - Removed the "Allow pipelining data after ssl request" patch - Reordered the patches so that the first two patches add the tests different combinations of sslmode, gssencmode and server support. That could be committed separately, without the rest of the patches. A later patch expands the tests for the new sslnegotiation option. The tests are still not distinguishing whether a connection was established in direct or negotiated mode. So if we e.g. had a bug that accidentally disabled direct SSL connection completely and always used negotiated mode, the tests would still pass. I'd like to see some tests that would catch that. -- Heikki Linnakangas Neon (https://neon.tech)
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Enhance libpq encryption negotiation tests with new GUC
- 705843d294d5 17.0 landed
-
With gssencmode='require', check credential cache before connecting
- 20f9b61cc192 17.0 landed
-
Add tests for libpq gssencmode and sslmode options
- 1169920ff770 17.0 landed
-
Move Kerberos module
- 9f899562d420 17.0 landed
-
Give nicer error message when connecting to a v10 server requiring SCRAM.
- 96d0f988b150 9.4.12 cited